RHSA-2019:3172MediumCVSS 9.0

Red Hat Security Advisory: Red Hat Satellite 6 security, bug fix, and enhancement update

Published
October 22, 2019
Last Modified
June 27, 2026

🔗 CVE IDs covered (9)

📋 Description

CVE-2016-10516 — python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py CVE-2016-10745 — python-jinja2: Sandbox escape due to information disclosure via str.format CVE-2018-16470 — rubygem-rack: Buffer size in multipart parser allows for denial of service CVE-2018-1000632 — dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents CVE-2019-3893 — foreman: Recover of plaintext password or token for the compute resources CVE-2019-10198 — foreman: authorization bypasses in foreman-tasks leading to information disclosure CVE-2019-10906 — python-jinja2: str.format_map allows sandbox escape CVE-2019-12387 — python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods CVE-2019-14825 — katello: registry credentials are captured in plain text during repository discovery

🔗 References (119)